Fixed indentation.

Now uses Person reference instead of id as login. Can be extended through a Python Script. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@4468 20353a03-c40f-0410-a6d1-a30d3c3de9de

Fixed indentation.
Now uses Person reference instead of id as login. Can be extended through a Python Script. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@4468 20353a03-c40f-0410-a6d1-a30d3c3de9de
f6342cb7 · Alexandre Boeglin · 008877c7 · f6342cb7
Commit f6342cb7 authored Dec 02, 2005 by Alexandre Boeglin
Show whitespace changes
Inline Side-by-side

Showing with 99 additions and 63 deletions

product/ERP5Security/ERP5GroupManager.py product/ERP5Security/ERP5GroupManager.py +99 -63

No files found.
--- a/product/ERP5Security/ERP5GroupManager.py
+++ b/product/ERP5Security/ERP5GroupManager.py
@@ -24,6 +24,8 @@ from Products.PluggableAuthService.utils import classImplements
 from Products.PluggableAuthService.interfaces.plugins import IGroupsPlugin
 from Products.ERP5Type.Cache import CachingMethod

+from pickle import dumps, loads
+
 from zLOG import LOG

 manage_addERP5GroupManagerForm = PageTemplateFile(
@@ -63,34 +65,68 @@ class ERP5GroupManager(BasePlugin):
    """ See IGroupsPlugin.
    """
    def _getGroupsForPrincipal(user_name, path):
+      security_category_dict = {} # key is the base_category_list,
+                                  # value is the list of fetched categories
      security_group_list = []
+      security_definition_dict = {}

      # because we aren't logged in, we have to create our own
      # SecurityManager to be able to access the Catalog
+      #FIXME here we assume that the portal owner will always have
+      #      enough rights, which might as well be wrong
      newSecurityManager(self, self.getPortalObject().getOwner())
-            base_category_list = self.getPortalObject().getPortalAssignmentBaseCategoryList()
-            
-            user_name = principal.getId()
-            
-            person_module = self.getPortalObject().getDefaultModule('Person')
-            person_object = getattr(person_module, user_name, None)
-            
-            # return no groups if the username is not registered in person module
-            if not person_object:
-                return ()
-            
-            # Fetch category values from assignment
-            category_list = self.ERP5Type_getSecurityCategoryFromAssignment(base_category_list, user_name, self, '')

-            # return no groups if we there are no Security Categories
-            if not category_list:
+      # To get the complete list of groups, we try to call the
+      # ERP5Type_getSecurityCategoryMapping which should return a dict
+      # like : {
+      #     'script_1':['base_category_1', 'base_category_2', ...],
+      #     'script_2':['base_category_1', 'base_category_3', ...]}
+      #
+      # else, if the script does not exist, falls back to :
+      # { 'ERP5Type_getSecurityCategoryFromAssignment':
+      #   self.getPortalAssignmentBaseCategoryList()}
+
+      mapping_method = getattr(self,
+          'ERP5Type_getSecurityCategoryMapping', None)
+      if mapping_method is None:
+        security_definition_dict = {
+            'ERP5Type_getSecurityCategoryFromAssignment':
+            self.getPortalAssignmentBaseCategoryList()
+        }
+      else:
+        security_definition_dict = mapping_method()
+
+      # get the person from its reference
+      catalog_result = self.portal_catalog(
+          portal_type="Person", reference=user_name)
+      if len(catalog_result) != 1: # we won't proceed with groups
+        if len(catalog_result) > 1: # configuration is screwed
+          raise 'ConsistencyError', 'There is more than one Person whose \
+              login is %s : %s' % (user_name,
+              repr([r.getObject() for r in catalog_result]))
+        else: # no person is linked to this user login
          return ()
+      person_object = catalog_result[0].getObject()
+      person_id = person_object.getId()
+
+      # Fetch category values from defined scripts
+      for method_name, base_category_list in \
+          security_definition_dict.items():
+        pickled_category_list = dumps(base_category_list)
+        method = getattr(self, method_name)
+        if not security_category_dict.has_key(pickled_category_list):
+          security_category_dict[pickled_category_list] = []
+        security_category_dict[pickled_category_list].extend(
+            method(base_category_list, person_id, person_object, ''))

      # Get group names from category values
-            for c_dict in category_list:
-                security_group_list.append(self.ERP5Type_asSecurityGroupId(category_order=base_category_list, **c_dict))
-                
-            LOG('erp5_groups', 0, 'user %s is member of %s' %(user_name, str(security_group_list)))
+      group_id_generator = getattr(self, 'ERP5Type_asSecurityGroupId')
+      for pickled_category_list, category_value_list in \
+          security_category_dict.items():
+        base_category_list = loads(pickled_category_list)
+        for category_dict in category_value_list:
+          security_group_list.append(group_id_generator(
+              category_order=base_category_list, **category_dict))

      return tuple(security_group_list)